Hi

> Anybody has any idea where to get sources (e.g.
> perl codes) for automating generation of client
> certificate and importing into IE4 for Openssl
> through http?
> Found some related documents for SSLeay
> (http://cognac.epfl.ch/SIC/SL/CA/) but it is
> somehow different. For example, it requires the
> users to generate private/public keys from their
> browsers. But for Openssl, we can generate from
> the server side.
> Is it the only way to load the certificates
> into IE4 is to physically transfer the user.p12
> file to a diskette and pass it to the user to
> load into IE4? No other ways to do through web?
> Please help. Thank you!

Client-side generation is usually how it's done, as if the server makes the private key it can keep a copy of it, a potential security problem. I'm currently about to start a form of CA myself, and if I generated a private key for you, then even if you trusted me I would have to hand the private key over to the police if it was possible I had it. If I just sign your public key then there is no way I can have your private key.

With the aid of some sample code, I have found out how to use Microsoft's Enrollment control. Basically, you feed info on the key to generate (the type to generate and the DN) to the control using VBScript, and it makes a PKCS10 request, which you pass back to the server (in my case using a POST form). You can then do what you like, and then you dynamically write a page that contains the signed key (PKCS7), and some VBScript that sets up the Enrollment control and passes the key to it. It then writes it alongside the private key in the certificate store.

As I said, I'm in the final stages of doing this myself using perl, so if you want my code as a starting point drop me a line over email. Also, the Enrollment control itself has a good help file with sample code and a full reference (see the MS web site).

HTH,
Luke

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                            [EMAIL PROTECTED]
Automated List Manager                               [EMAIL PROTECTED]
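
The flow described in the reply above (key pair generated on the client, PKCS#10 request sent to the CA, signed certificate returned as PKCS#7), as an added example using the openssl command line; it is not code from the original message and does not use the Enrollment control or the poster's Perl code. The throwaway CA, the DNs, the file names and the function names are all constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the original post. DNs, paths and names are constructed.

# Client: generate the key pair locally; only the PKCS#10 request leaves.
client_make_request() {    # $1 = client directory
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=Example User (constructed)" \
        -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null
}

# CA: check the request's self-signature (proof that the requester holds the
# private key), sign it, and return the certificate as a certs-only PKCS#7.
ca_sign_request() {        # $1 = CA directory, $2 = request in, $3 = PKCS#7 out
    openssl req -in "$2" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl x509 -req -in "$2" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -out "$1/issued.crt" 2>/dev/null || return 1
    openssl crl2pkcs7 -nocrl -certfile "$1/issued.crt" -out "$3"
}

# Client: accept the reply only if its public key matches the local private key.
client_accept_reply() {    # $1 = client directory, $2 = PKCS#7 in
    want=$(openssl pkey -in "$1/user.key" -pubout) || return 1
    got=$(openssl pkcs7 -in "$2" -print_certs | openssl x509 -noout -pubkey) \
        || return 1
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Throwaway CA for the demo (self-signed, 30 days).
make_demo_ca() {           # $1 = CA directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo CA (constructed)" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

demo_enroll() {
    ca=$(mktemp -d) && client=$(mktemp -d) || return 1
    make_demo_ca "$ca" || return 1
    client_make_request "$client" || return 1
    # Only user.csr crosses to the CA; only reply.p7b comes back.
    ca_sign_request "$ca" "$client/user.csr" "$client/reply.p7b" || return 1
    client_accept_reply "$client" "$client/reply.p7b" || return 1
    rm -rf "$ca" "$client"
    echo "enrolled"
}

demo_enroll
```

The CA functions only ever read the request file, so the signer never holds `user.key`; the client-side check rejects a reply issued for some other key.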
